The latest Cybersecurity and PII Report (Personally Identifiable Information) from ManageEngine has provided new insight into the state of cybersecurity in organisations across Australia and New Zealand. The survey shows that many companies that have faced breaches over the past year have yet to change their data management policies, despite substantial amounts of personally identifiable information (PII) being compromised.
Based on feedback from over 300 IT decision-makers from ANZ, 51 per cent of organisations that had faced between one and five breaches in the past year said PII was involved. Surprisingly, 54 per cent of these organisations either made no adjustments in their PII management after the breaches or were unaware of any modifications. A notable 42 per cent stated they hadn’t received guidance on PII management protocols.
A breakdown of data categories held by the respondents indicated:
- 55% store data on past customers
- 41% on past employees
- 70% on current customers
- 66% on current employees
- 37% on potential customers.
Reflecting on the findings, Vinayak Sreedhar, ManageEngine’s country manager for Australia, shed light on Australia’s lack of preparedness in cybersecurity by saying, “Last year saw significant breaches impacting millions of Australians with data appearing on the dark web. The fallout led to talks around the legal right to request the removal of personal data from company databases. The law remains unchanged in Australia, and these survey results suggest that local organisations haven’t shifted their practices either.”
The survey also touched on cyber resilience. A significant 24 per cent of participants, who were aware of the concept of cyber resilience, reported their organisation either lacked a cyber resilience policy or were unaware if one existed. Alarmingly, 63 per cent hadn’t familiarised themselves with the Essential Eight – a cybersecurity framework recommended by the Australian Cyber Security Centre to fortify cyber readiness.
Rajesh Ganesan, the president of ManageEngine, emphasised the urgent need for companies in ANZ to bolster their cybersecurity measures. “Adhering to regional data protection standards and enhancing cyber resilience are vital. Businesses should be safeguarding their own operations and the confidential data of their employees and clients, both current and former. This report underlines the immediate nature of this need.”
Other findings from the report included:
- 73% of respondents whose companies had experienced a breach said recovery and restoration of operations occurred within 24 hours after critical systems were impacted.
- 74% stated their organisation hasn’t paid ransom to retrieve data, but 10% did acknowledge doing so.
- Awareness about major data breaches varied significantly, with 17% of Australian participants and 47% of New Zealand participants admitting lack of knowledge about major cyber incidents in Q3 2023.
The study was carried out by StollzNow, a research firm based in Sydney. Commissioned by ManageEngine, it covered a wide array of topics, from cyber resilience and PII management to malware and the implications of hybrid work models on cybersecurity. The findings offer a blueprint for decision-makers to address the pressing cybersecurity challenges and recalibrate their organisations for future growth.